It is often useful to store a password or other secret on a device, such as s smartphone or tablet, in order to allow the device to easily connect to services in the cloud or in the enterprise. However, storing the password is a risk, because if the device is stolen the password might be maliciously recovered. This risk is often mitigated by protecting the password and storing it as an encrypted bit string using a short secret as key to the encryption.
However, if the device is lost, an attacker may be able to guess the password based on a brute force attack, such as using every possible shorter secret to decrypt the password and determining which of these decrypted passwords looks like a password. Accordingly, there is a need to store passwords offline in a more secure way.